How to: Set Up Secure Sockets Layer (SSL)

You can optionally use the Secure Sockets Layer (SSL) protocol to secure the communication link between Visual SourceSafe clients and the server. When you configure the server for SSL, all data transmitted can be encrypted to ensure confidentiality.

Use of SSL requires a server certificate issued by a certificate authority (CA). Your company might have its own certificate. If not, you can get one from the certificate authority used by your site.

For SSL to work, you must install the server certificate on the server machine. Each client machine needing secure database access must also have a root CA certificate from the authority used by the server.

SSL only works for TCP/IP. You can configure the server to force the use of encryption for all connections.

Enabling SSL

To create a certificate

  1. Ensure that Windows Server 2003 is installed on your computer.

  2. Make sure that IIS is installed and enabled. For more information, see How to: Enable Internet Information Services (IIS).

  3. Install Microsoft Certificate Services for your operating system, to allow creation of server authentication certificates.


    You can also use the SelfSSL utility from the IIS resource kit to help create an SSL certificate and assign it to IIS. For more information, download the IIS 6.0 Resource Kit Tools.

  4. Start Internet Explorer and browse to Microsoft Certificate Services, for example: https://MyCA/certsrv.

  5. Click Request a certificate, then click Next.

  6. Click Advanced request, then click Next.

  7. Click Submit a certificate request to this CA using a form, then click Next to show the certificate request form.

  8. Fill in the fully qualified domain name of the server machine, for example,

  9. In the Intended Purpose (or Type of Certificate Needed) field, click Server Authentication Certificate.

  10. For the cryptographic service provider (CSP), select Microsoft RSA SChannel Cryptographic Provider, Microsoft Base Crypto Provider version 1.0, or Microsoft Enhanced Cryptographic Provider. Do not select the Microsoft Strong Cryptographic Provider.

  11. Select the Use local machine store box.

  12. Ensure that Enable strong private key protection is not selected.

  13. Click Submit to send the request.

  14. If the certificate server automatically issues certificates, you can install the certificate now. Otherwise, you can install it after it has been issued by the CA administrator.

To assign an SSL server certificate to a Web site

To assign an SSL server certificate to a Web site

  1. In IIS Manager, expand the local computer, and then expand the Web Sites folder.

  2. Right-click the Web site to which you want to assign the certificate and click Properties.

  3. Select the Directory Security tab and under Secure communications, click Server Certificate.

  4. In the Web Server Certificate Wizard, click Assign an existing certificate.

  5. Follow the steps in the Web Server Certificate Wizard, which guides you through the process of installing a server certificate. After you have completed the wizard, you can view the information about the certificate by clicking the View Certificate button on the Directory Security tab of the Web sites Properties page.

Installing the CA Certificate

To install the CA certificate

  1. Start Internet Explorer and browse to Microsoft Certificate Services, for example: https://MyCA/certsrv.

  2. Select Check on a pending certificate.

  3. Click Start, and then click Run.

  4. Type mmc, and then click OK.

  5. On the Console menu, click Add/Remove Snap-in.

  6. Click Add.

  7. Click Certificates and then click Add.

  8. Click Computer account and then click Next.

  9. Ensure that Local computer:(the server computer) is selected and click Finish.

  10. Click Close.

  11. In the left pane tree view, expand Certificates (Local Computer), expand Personal, and then select Certificates.

  12. Verify that there is exactly one certificate with the fully qualified domain name that you specified. You can double-click to view details.

  13. Distribute the public key for the certificate to users who might want to access the Visual SourceSafe database using a secure connection, for example, users of the SourceSafe Internet plug-in for Visual Studio. You can either use e-mail or copy the key from your computer to a user over the network.

See Also


How to: Enable Internet Information Services (IIS)

Other Resources